According to one embodiment of the present invention, a method for providing a secure messaging environment is provided comprising providing a messaging environment in which two or more devices are connected via a network, each device having a client application that provides a graphical user interface for displaying messages within the messaging environment; logging into the client application; encrypting user-specific information using a personal encryption key; creating a ticket, the ticket comprising a continuously-updated key and an optional expiration setting from a server; and calling the server. The call to the server may comprise the ticket and a target method, so that the server validates the ticket before executing the method.
According to another embodiment, a method for providing a secure messaging environment is provided. A messaging environment in which two or more devices are connected via a network is provided, each device having a client application that provides a graphical user interface for displaying data within the messaging environment. A ticket is created, the ticket comprising a continuously-updated encryption key and an optional expiration setting from a server. Data is transmitted to the messaging environment, wherein the data comprises data files, text or word processing files, notes, text messages, voice messages or calls, photos, videos, lists, spreadsheets, web links, or webpages. The data is encrypted. The encrypted data is stored on a database. A new encryption key is created by encrypting 1) user-specific information or a user personal key and 2) a record ID for the stored data. The new encryption key is updated with each transmission of data to the messaging environment, thereby creating the continuously-updated encryption key. The data is displayed in the messaging environment and a client graphical user interface on a user device, thereby providing a continually-encrypted exchange of data in the messaging environment.
According to another embodiment, a system for providing a secure messaging environment is provided. A server provides a messaging environment in which two or more devices are connected via a network, each device having a client application that provides a graphical user interface for displaying messages within the messaging environment. The server encrypts messages sent to the messaging environment and creates a continually-changing encryption key by encrypting user-specific information or a user personal key and a record ID for a stored encrypted message. At least one database stores encrypted messages from the server with each message having a separate record ID.
An advantage of at least one embodiment of the present invention is that tickets may be used with an Internet Protocol (IP) restriction, binding a ticket to the network address from which it was issued. Thus, a ticket captured on one network cannot be used from a different network.
Another advantage of at least one embodiment of the present invention is that a ticket may comprise user-specific information. Thus, it is not possible to use the same ticket for a different user. A user must be logged-in as a ticket owner in order to use a ticket.
Yet another advantage of at least one embodiment of the present invention is that a ticket may be protected with an expiration setting. An expired ticket is rejected by the server and cannot be used.
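The ticket checks described above (signature, expiration, IP restriction, user binding, and a key that is renewed on every call) can be exercised end to end with the following added example. It is illustrative code written for this page, not the patent's own implementation: the ticket format (a base64 JSON body plus an HMAC-SHA256 tag), the `SERVER_SECRET`, the `TARGET_METHODS` table, the single-use nonce set and the convention that each server call returns a fresh ticket are all assumptions made here to model the "continuously-updated key".

```python
"""Ticket issuance and validation for a messaging server (added example)."""
import base64
import hashlib
import hmac
import json
import secrets
import time

# Assumed: a server-side secret that never leaves the server. A deployment would
# load it from a secret store rather than generate it at import time.
SERVER_SECRET = secrets.token_bytes(32)

# Assumed: nonces of tickets already consumed, so a captured ticket cannot be
# replayed even inside its expiry window.
_used_nonces = set()


def _send_message(user, args):
    """Assumed target method: the only server call the demo exposes."""
    return f"{user} sent: {args['text']}"


TARGET_METHODS = {"send_message": _send_message}


class TicketError(Exception):
    pass


def _sign(body: bytes) -> bytes:
    return hmac.new(SERVER_SECRET, body, hashlib.sha256).digest()


def issue_ticket(user_id: str, client_ip: str, ttl_seconds: int = 300, now=None) -> str:
    """Create a ticket bound to one user and one IP, with an expiration setting."""
    now = time.time() if now is None else now
    payload = {
        "user": user_id,
        "ip": client_ip,
        "exp": now + ttl_seconds,
        "nonce": secrets.token_hex(16),  # fresh per ticket: the key value changes on every issue
    }
    body = json.dumps(payload, sort_keys=True).encode()
    return base64.urlsafe_b64encode(body).decode() + "." + _sign(body).hex()


def verify_ticket(ticket: str, client_ip: str, logged_in_user: str, now=None) -> dict:
    """Reject forged, expired, replayed, wrong-network or wrong-user tickets."""
    now = time.time() if now is None else now
    try:
        b64, mac_hex = ticket.split(".", 1)
        body = base64.urlsafe_b64decode(b64)
        mac = bytes.fromhex(mac_hex)
    except ValueError:  # binascii.Error is a ValueError subclass
        raise TicketError("malformed ticket")
    if not hmac.compare_digest(mac, _sign(body)):
        raise TicketError("bad signature")
    payload = json.loads(body)
    if now >= payload["exp"]:
        raise TicketError("expired ticket")
    if payload["ip"] != client_ip:
        raise TicketError("ticket bound to a different network address")
    if payload["user"] != logged_in_user:
        raise TicketError("ticket belongs to a different user")
    if payload["nonce"] in _used_nonces:
        raise TicketError("ticket already used")
    return payload


def reject_reason(ticket: str, client_ip: str, logged_in_user: str, now=None):
    """None if the ticket would be accepted, otherwise the rejection reason."""
    try:
        verify_ticket(ticket, client_ip, logged_in_user, now)
    except TicketError as exc:
        return str(exc)
    return None


def call_server(ticket: str, target_method: str, args: dict, client_ip: str, logged_in_user: str, now=None):
    """Validate the ticket, run the target method, and hand back a fresh ticket."""
    payload = verify_ticket(ticket, client_ip, logged_in_user, now)
    _used_nonces.add(payload["nonce"])  # the presented ticket is now spent
    method = TARGET_METHODS.get(target_method)
    if method is None:
        raise TicketError(f"unknown target method {target_method!r}")
    result = method(payload["user"], args)
    new_ticket = issue_ticket(payload["user"], client_ip, now=now)
    return result, new_ticket


if __name__ == "__main__":
    t = issue_ticket("alice", "10.0.0.5", now=1000.0)
    print(call_server(t, "send_message", {"text": "hi"}, "10.0.0.5", "alice", now=1001.0)[0])
    print(reject_reason(t, "10.0.0.6", "alice", now=1001.0))
```

The order of checks matters in practice: the signature is verified before any field of the body is trusted, and `hmac.compare_digest` is used so the comparison does not leak timing information about the tag.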
Another advantage of at least one embodiment of the present invention is that there is no way to decrypt all data in the database with a single encryption key, because each record is encrypted under its own key. Even if a key were compromised, it would at best allow access to a single record, but nothing more.
Another advantage of at least one embodiment of the present invention is that, even if an unauthorized third party (e.g., hacker) gets access to a database or server files, the third party will not have an encryption key for a specific record.
Another advantage of at least one embodiment of the present invention is that a data encryption key may be built from fragmented keys that change continuously and that link one device to another, allowing real-time encryption and data removal with no key material being stored on either device. A fragmented key may be composed of user data, server data, and an instance value used to create a new key, so that the key continuously changes.
Yet another advantage of at least one embodiment of the present invention is that, even if unauthorized third parties are on the same network as a server, they will not be able to obtain a second-level encryption key unless both the user parameters and the specific record ID are known.
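The per-record keying described in the method and system embodiments above, and the resulting isolation properties, can be shown concretely with the following added example. It is illustrative code written for this page, not the patent's own implementation. Where the text says the record key is created by "encrypting" the user's personal key together with the record ID, this example instead derives it with HMAC-SHA256 keyed by a server secret (an HKDF-extract shape), so that user data and server data both contribute; the `SERVER_SECRET`, the `MessageStore` stand-in for the database, and the encrypt-then-MAC construction built from HMAC are all assumptions of the example. A deployment would use a standard AEAD such as AES-GCM for the record encryption itself.

```python
"""Per-record key derivation and record isolation (added example)."""
import hashlib
import hmac
import secrets

# Assumed: server-side secret supplying the "server data" part of the key;
# the user's personal key supplies the "user data" part.
SERVER_SECRET = secrets.token_bytes(32)


def derive_record_key(personal_key: bytes, record_id: str, server_secret: bytes = SERVER_SECRET) -> bytes:
    """Second-level key for one record: requires the user parameters AND the record ID."""
    # HKDF-extract shape: PRK = HMAC(salt=server_secret, IKM=personal_key || record_id)
    return hmac.new(server_secret, personal_key + record_id.encode(), hashlib.sha256).digest()


def _subkey(record_key: bytes, label: bytes) -> bytes:
    """Separate encryption and MAC keys from the record key."""
    return hmac.new(record_key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC in counter mode as a PRF keystream (demo construction, not an AEAD)."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_record(record_key: bytes, plaintext: bytes) -> dict:
    """Encrypt-then-MAC under keys derived from this record's key."""
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _subkey(record_key, b"enc"), _subkey(record_key, b"mac")
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"nonce": nonce, "ct": ct, "tag": tag}


def open_record(record_key: bytes, record: dict):
    """Return the plaintext, or None if this key does not belong to this record."""
    enc_key, mac_key = _subkey(record_key, b"enc"), _subkey(record_key, b"mac")
    expected = hmac.new(mac_key, record["nonce"] + record["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None  # wrong key or tampered ciphertext: nothing is decrypted
    ks = _keystream(enc_key, record["nonce"], len(record["ct"]))
    return bytes(c ^ k for c, k in zip(record["ct"], ks))


class MessageStore:
    """Stand-in for the database table of encrypted messages, one record ID each."""

    def __init__(self):
        self.records = {}

    def store(self, personal_key: bytes, plaintext: bytes) -> str:
        record_id = secrets.token_hex(8)  # separate record ID per message
        self.records[record_id] = seal_record(derive_record_key(personal_key, record_id), plaintext)
        return record_id

    def fetch(self, personal_key: bytes, record_id: str):
        return open_record(derive_record_key(personal_key, record_id), self.records[record_id])


if __name__ == "__main__":
    db = MessageStore()
    alice = b"alice-personal-key"  # constructed sample user key
    rid1 = db.store(alice, b"first message")
    rid2 = db.store(alice, b"second message")
    print(db.fetch(alice, rid1))
    # Record 1's key opens nothing else in the database:
    print(open_record(derive_record_key(alice, rid1), db.records[rid2]))
```

Two points the text makes are visible directly in the code: an attacker holding the database (`db.records`) has ciphertexts and record IDs but no record key, because the key is never stored; and holding one record key opens only that record, because `open_record` refuses to decrypt when the tag computed under a different key does not match.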